Cyber Security Statistics for 2019

Cybersecurity is often seen as one of those big problems that only large entities like banks, tech companies, and governments have to worry about. In reality, a lot more people should be concerned with cybersecurity and not just the big corporations. The latter may be indeed responsible for more data. Still, it is the smaller entities, such as companies with less than 1000 employees, that are at the greatest risk.

TechJury compiled a list of cyber security statistics to help visualize what is happening in the field as well as what to expect in 2019.

Here are some of the most telling facts:

IT security can definitely use a boost; in most cases, it takes half a year to detect a data breach.

Consider that 43% of all cyber attacks are aimed at small businesses to realize the immense scope of the threat.

Not only businesses are at risk, though, as 91% of attacks launch with a phishing email.

That makes sense because 85% of all attachments emailed daily are harmful for their intended recipients.

38% of malicious attachments are masked as one Microsoft Office type of file or another.

Cyber criminals managed to exploit the credit cards of 48% of Americans back in 2016.

The global cost of online crime is expected to reach $6 trillion by 2021.

Let’s examine this global threat in greater detail.

Data Breaches

Often it is data breaches that steal the headlines.

In most cases, it takes companies about 6 months to detect a data breach.

(Source: ZD Net)

If a robbery took place and the perpetrators got away, how much of a head start do they have if they want to cover their tracks? A day? An hour? Cyber criminals often get a neat 6-month head start, which makes tracking them down that much harder.

There were 8,854 recorded breaches between January 1, 2005 and April 18, 2018.

(Source: Identity Theft Resource Center)

These breaches account for millions of records, with the price per record ranging anywhere from $120-$600. If we average these out at $360 per record, then the total price of these breaches is in the billions. People talk about the cost of cyber security, but they seldom think about the cost of not having it.

In 2017, 61% of data breach victims were companies with less than 1000 employees.

(Source: Verizon)

While this number may be alarming, this has more to do with the fact that the larger-scale companies are more likely to have robust security than smaller companies. Many of these smaller companies simply do not have the means for proper defence to combat advanced cyber threats, which contributes heavily to these cyber security statistics.

Cyber Attacks

Cyber attacks vary in sort and severity, but they can be absolutely devastating, especially for small business owners.

43% of cyber attacks are targeted at small businesses.

(Source: Small Business Trends)

It makes a lot of sense that the little guy is targeted so often. While the benefit of such attack for the hacker is relatively small, it is much easier to pull it off. Many small businesses have minimal security infrastructure, making them easy prey for data predators. Considering the number of cyber attacks per day, quite a few of those get targeted.

Around 50% of the risk companies face come by way of having multiple security vendors.

(Source: Cisco)

One may think when it comes to security, the more the merrier. However, having multiple security vendors is a great way to complicate your security infrastructure in a way that is likely to create greater vulnerabilities. It is best to stick with one security vendor and comply with all security updates and recommendations the vendor presents, according to various hacking stats.

IoT attacks were up by 600% in 2017.

(Source: Symantec)

Nearly everyone has a smartphone now, making hackers and cybercriminals have greater choice of targets for attack. A portion of the rise could be attributed to the increased number of IoT devices, but the greater issue is that security doesn’t keep up the pace of the growing threats.

31% of organizations have experienced cyber attacks on operational infrastructure.

(Source: Cisco)

Perhaps the more concerning side to cyber security statistics in general is the number of incidents that have gone unreported. Speculation would lead one to believe that the figure of 31% is significantly lower than reality. Whatever the case, this is an important figure to be aware of as it shows at the very least that hackers are proficient in finding the correct target.

DDoS attacks account for 5% of monthly traffic related to gaming.

(Source: Cox BLUE)

Another prevalent form of attack comes in the form of DDoS. This attack attempts to disrupt regular traffic to the desired web endpoint. Video gaming is a popular place for these attacks to occur because there are predictable and specific endpoints for most devices.

Just 38% of global organizations claim that they are equipped and able to handle a complex cyber attack

(Source: IBM)

Perhaps one of the most alarming cyber security statistics on this list is the understanding that 62% of global organizations cannot claim that they are equipped to handle a cyber attack. This void will lead the charge for improved cybersecurity in the future.

Malware

Malware is by far the most common type of malicious internet activity.

Over 24,000 malicious mobile apps are blocked from the various app stores each day.

(Source: Symantec)

Apple has generally been on top of its app store, not allowing malicious or harmful software onto iOS devices. Android has had a longer journey there because of the freedom afforded to developers. Nevertheless, it improved radically over the past several years. Such malicious apps can still be accessed, but most devices do require user approval before installing any unverified third-party applications. Cyber attack statistics show this to be a key reason why harmful software for mobile devices is not such an issue anymore.

$2.4 million is the average cost of a malware attack in 2017.

(Source: Accenture)

One of the most prevalent attacks comes in the form of malware. Malware can cripple entire systems or even render them useless. A successful malware attack resulting in a cybersecurity breach can crumble an entire company as well as ruin its public reputation.

There was an 80% increase in malware attacks on Mac computers in 2017.

(Source: Cisco)

Mac computers have always been renowned for their threat security. As far as out of the box security goes, Mac has been the gold standard for quite some time, but things seem to be changing. Malware statistics point to an astronomical increase that raises a few eyebrows. Is it possible that cybercriminals have found new vulnerabilities?

75% of the healthcare industry has been infected with malware at some point in time.

(Source: CISION: PR Newswire)

The healthcare industry accounts for the most records lost. This has to do with many factors including outdated systems, lack of training, and substandard protocols. In short, healthcare providers are an easy target with a lot to offer to potential criminals. It is no wonder why this industry is so often a target of large scale cyber attacks.

Around 60% of malicious web domains are associated with spam campaigns.

(Source: Cisco)

For some reason I find it concerning when a company tells me to check my spam folder. The spam folder is where many people get taken advantage of. Spam campaigns attempt to send the user to insecure or malicious domains in an attempt to mine data.

38% of malicious files came in formats used by the Microsoft Office suite of products.

(Source: Cisco)

Microsoft Office is one of the most familiar sights in a modern working environment. Cybercriminals use these formats for their malicious files in attempts to lure unsuspecting victims into thinking it is just a simple spreadsheet or report. This is valid not only for recent cyber attacks, as executable files masked as harmless, well-known files are a popular digital bait for years now.

Cyber Security Is in High Demand

Security specialist is one of the most promising career choices in the IT sector.

There are over 300,000 unfilled cybersecurity jobs in the United States, with the demand rising each year.

(Source: Cybint Solutions)

If you are a college freshman deciding on a major, then cybersecurity might be an attractive option. Not only are there plenty of openings, but the demand is expected to rise at an unprecedented rate. There are plenty of jobs available in tech nowadays, but perhaps none are as vital than as security. The next few cyber security stats show just how pressing this need may be.

By 2021, the number of unfilled cybersecurity jobs is expected to balloon to 3.5 million.

(Source: The Hill)

The expected rise in jobs is still outpaced by the expected need for them. Chances are, companies will not be able to get enough cybersecurity experts. There’s simply not going to be enough people with this type of competency to fill all available spots. Let’s just stop and consider what it means that so many companies will not be able to get proper protection from cybercrimes. As cybercrime statistics show, this is one of the biggest problems that companies have to solve.

Cybersecurity job postings are up 74% over the past five years.

(Source: Cybint Solutions)

This is the silver lining to these attacks. Many young people will be able to find gainful work in the cyber security sector. The unfortunate reality is much of this will be in response to attacks that will take place, and that there will be many more data breaches affecting millions of people within the next few years. Data breach statistics don’t suggest that the need for experts in the field will be lessened any time soon.

Cybersecurity expenditures are expected to reach $1 trillion by 2024.

(Source: Cyber Defense Magazine)

Once again, just like the jobs figures, this points to a very secure future for those pursuing a career in cybersecurity. The question remains if these expected expenditures will be enough prevent data breaches or at least bring them down significantly.

The annual cost of cybercrime damages is expected to hit $5 trillion by 2020.

(Source: Cyber Defense Magazine)

The rate of these crimes is only expected to increase. Criminals are finding increasingly clever and diabolical ways to get their hands on data. This, coupled with the projections for further data breaches, spells an unwelcome story going forward. Some estimates have the number as high as $10 trillion. In this context, whatever the cost of cybersecurity may be it seems like a worthy investment.

65% of companies have over 500 employees that have never changed their password.

(Source: Varonis)

I believe most people are guilty of not changing their password often enough. This is just making it easy for would-be cybercriminals to have easy access to sensitive information through compromised passwords. An easy solution to these problems is an automated system that requires employees to regularly change passwords. Many such programs are free and easily implemented by IT professionals.

Ransomware Has Run Rampant

Ransomware, especially with the advent of cryptocurrencies, is an increasingly popular way for hackers to make money.

Ransomware attacks are growing more than 350% annually.

(Source: Cisco)

A ransomware attack is designed to hijack the targets’ systems and hold them hostage in exchange for certain demands. These attacks are particularly effective and growing in number as the data from Cisco shows. The increase in cyber attacks is bound to continue in the foreseeable future.

The damage costs of ransomware will rise to $10 billion in 2019.

(Source: Cyber Defense Magazine)

Once again, ransomware holds data and entire systems hostage until demands are met. Independent risk evaluators postulate that compliance with the perpetrator leads to greater security vulnerabilities and greater total loss.

A business falls victim to a ransomware attack every 13.275 seconds.

(Source: Cyber Defense Magazine)

Something that differentiates cybercrime from any other kind of crime is the automation that can be deployed by perpetrators. Automation allows for cyber attacks to be deployed simultaneously and relentlessly. Failed attacks can be tried again almost infinitely. The number of cyber attacks each day keeps going up. Automation may also be the key to protection from these types of attacks, but for now it is not yet clear how to utilize this technology. As the stakes get higher and cyber criminals become more aggressive, the incentive to develop a solution will rise as well.

Unprotected, Progressively Vulnerable, and Ignored

System upgrades are not the easiest thing to implement. However, they become increasingly necessary to address adequately the growing security threats.

Of all files, 21% remain completely unprotected.

(Source: Varonis)

This isn’t as startling of a revelation when compared to the other cyber security stats, but it is an alarming number of unprotected files. Of course, just because a file isn’t protected, doesn’t mean it’s accessible. Still, there’s a number of cases where that kind of protection is called for, but is not present.

Reported system vulnerabilities went up by 16% in 2017.

(Source: Varonis)

The full reports for 2018 have not become available at the time of this writing, but early indications have this figure even higher over the past year. As tech evolves, most do not upgrade immediately. Older systems have different security vulnerabilities. If these are not addressed in a timely manner the systems are exposed even more with every passing day.

95% of data breaches have cause attributed to human error

(Source: Cybint Solutions)

With a large data breach, all eyes and fingers begin pointing to the IT department. The fact of the matter is these data breaches can very rarely be attributed to the folks over in IT. Information technology security breaches are few and far between. User error or actions that fall outside of IT recommended behavior will always cause more problems than just following the guidelines set by the IT department.

Phishing

Phishing mail, just like the popular hobby with similar name, is extremely common and simple.

30% of U.S. users open phishing emails.

(Source: Verizon)

Unsurprisingly, phishing attacks make up a large amount of cyber security incidents. It is quite likely that most of us have opened phishing emails at some point in time. Kaspersky’s anti-phishing software has caught hundreds of millions of them every year.

12% of those who opened phishing emails later opened the infected links or attachments.

(Source: Verizon)

As we await the arrival of 2019 cyber security statistics, the report from Verizon shows that phishing attacks had a moderately high success rate. With more and more people understanding the dangers that lurk with these attacks, the hope is that this number will continue to fall in the coming years.

In the last year, 76% of businesses reported that they had been a victim of a phishing attack.

(Source: Wombat)

Phishing attacks are the most common cyber security attack. This type of attacks are a big part of why there are so many compromised passwords. If you check your spam folder in your email, it is more than likely that you will find several of them. If a phishing emails makes it past filters into the inbox, to the untrained eye they will seem like legitimate messages that can be trusted.

References:

1. ZD Net
2. Identity Theft Resource Center
3. Verizon Data Breach Investigations Report
4. Small Business Trends
5. Cisco
6. Symantec
7. Cisco Data Privacy Study
8. Cox BLUE
9. IBM Cost of Data Breach Study
10. Symantec Internet Security Threat Report
11. Accenture
12. Cisco Annual Cybersecurity Report 2018
13. CISION: PR Newswire
14. Cisco Data Privacy Study
15. Cisco Data Privacy Study
16. Cybint Solutions
17. The Hill
18. Cybint Solutions
19. Cyber Defense Magazine
20. Cyber Defense Magazine
21. Varonis Global Data Risk Report
22. Cisco Annual Cybersecurity Report 2018
23. Cyber Defense Magazine
24. Cyber Defense Magazine
25. Varonis Global Data Risk Report
26. Varonis Global Data Risk Report
27. Cybint Solutions
28. Verizon Data Breach Investigations Report
29. Verizon Data Breach Investigations Report
30. Wombat Security

Related documents and reading:

1. Know Before
2. Ponemon
3. Kaspersky
4. Cyberark
5. Time
6. Ponemon State of Endpoint Security Risk Report
7. Accenture Cost of Cybercrime Study
8. Accenture Cyber Threatscape Report
9. IBM Cost of Data Breach Study
10. Ponemon Global Cost of Data Breach Study
11. CSO Online
12. Accenture Achieving Data-Centric Security
13. Forbes Technology Council

About the Author

Nick Galov, Hosting Expert and Content Manager on TechJury.net. Nick is on a mission to improve the world of web hosting for some time now. When he got the chance to contribute to the betterment of all kinds of software, he simply couldn’t say no. When not geeking it out, he enjoys lager and football.